Actions
Feature #1158
closedParser DNS TXT data parsing and logging
Effort:
Difficulty:
Label:
Description
I am trying to detect DNS Tunneling.
For this I use the DNS logger in Suricata 2.0.
But when TXT answers have lot of data, the DNS logger say '<no data>'.
Files
Updated by Christie Bunlon about 11 years ago
Sorry is not the parser but the DNS logger.
Updated by Victor Julien about 11 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 2.0.1rc1
I think this is only matter of extending the dns loggers. If it turns out to be more involved it will likely go into 2.1.
Updated by Victor Julien about 11 years ago
- Target version changed from 2.0.1rc1 to 2.0.2
Updated by Victor Julien almost 11 years ago
- % Done changed from 0 to 50
Please test: https://github.com/inliniac/suricata/pull/967
Updated by Victor Julien almost 11 years ago
- Tracker changed from Bug to Feature
- Subject changed from Parser DNS no parsing TXT data to Parser DNS TXT data parsing and logging
Updated by Christie Bunlon almost 11 years ago
I have tested it but it seems still not working,saying again <no data> with 90dns22.pcap
Updated by Victor Julien almost 11 years ago
I'm not getting any 'no data' with this branch, are you sure you tested the branch from pull request 967?
Updated by Christie Bunlon almost 11 years ago
Sorry, i made a mistake with my suricata.
It's logging correctly the answers now.
Thank you for your help. You can close the ticket. :)
Updated by Victor Julien almost 11 years ago
- Status changed from Assigned to Closed
- % Done changed from 50 to 100
Actions